SELinuxProject / selint

Static code analysis of refpolicy style SELinux policy
Apache License 2.0

Accept MLS ranges as interface argument #214

Closed cgzones closed 2 years ago

cgzones commented 3 years ago

Accept MLS ranges as single quoted arguments to interface calls, like:

bar(foo_t, `s0:c0 - s15:c2.c3')

The dash needs to be surrounded by spaces, otherwise it gets consumed in the preceding identifier (as '-' is a valid identifier character).

The whole range needs to be single quoted to avoid a grammar conflict with a trailing string starting with a dash and not separated by a comma, e.g.:

bar(foo_t, s0 -somestring)

or with a single extended permission.

To avoid another collision, strings have been removed from args, introduced in 3deb9f6, but there seems to be no regression.

Closes: #213
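
Added example, not part of the pull request or of selint's own code: a toy longest-match scanner in C showing why the dash in an MLS range has to be separated by spaces from the level before it. The character class and the names `count_tokens` and `scans_as_range` are assumptions for illustration, and the sketch does not model the grammar conflict with dash-led strings.

```c
#include <ctype.h>
#include <stdio.h>
enum tok { T_END, T_WORD, T_DASH, T_OTHER };
/* Toy identifier class (assumption, not selint's flex rules): '-' is allowed
 * inside a word, as the PR describes; ':' and '.' keep "s0:c0.c3" together. */
static int is_word_char(int c)
{
    return isalnum(c) || c == '_' || c == '-' || c == ':' || c == '.';
}

/* Longest-match scanner: once inside a word, a following '-' is swallowed. */
static enum tok next_tok(const char **p)
{
    while (**p == ' ' || **p == '\t')
        (*p)++;
    if (**p == '\0')
        return T_END;
    if (isalnum((unsigned char)**p)) {
        while (is_word_char((unsigned char)**p))
            (*p)++;
        return T_WORD;
    }
    return *(*p)++ == '-' ? T_DASH : T_OTHER;
}

/* Number of tokens the scanner produces for arg. */
int count_tokens(const char *arg)
{
    int n = 0;
    while (next_tok(&arg) != T_END)
        n++;
    return n;
}

/* 1 if arg scans as exactly WORD DASH WORD (low level, dash, high level). */
int scans_as_range(const char *arg)
{
    return next_tok(&arg) == T_WORD && next_tok(&arg) == T_DASH &&
           next_tok(&arg) == T_WORD && next_tok(&arg) == T_END;
}

int main(void)
{
    /* Constructed sample arguments, quotes already stripped. */
    const char *samples[] = { "s0:c0 - s15:c2.c3", "s0:c0-s15:c2.c3", "s0- s15" };
    for (int i = 0; i < 3; i++)
        printf("%-18s tokens=%d range=%d\n", samples[i],
               count_tokens(samples[i]), scans_as_range(samples[i]));
    return 0;
}
```

Only the spaced form yields three tokens; without the space before the dash, the low level and the dash end up in one word and no range is recognised.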

dburgener commented 2 years ago

Did you want to mark this as ready for review? It lgtm